R1 · beacon security layer

Beacon Security Layer.

Hub-side observability and signed advisories with bounded authority: the Hub nudges, the operator decides, the agent executes.

The bounded role of the Hub

The Hub cannot decrypt session content. That is not a bug. It is the design boundary. The Security Layer therefore works with metadata, behavior, and policy rather than payload omniscience. It can detect abuse patterns, issue a signed advisory, and recommend action. It cannot silently execute the action itself.

Cycle the advisory enum. Keep the log narrow.

The mini log shows what the Hub can observe without plaintext. The carousel cycles the closed advisory enum, one signed recommendation at a time, with no generic assistant drift.

carousel live
Mini event log
Signed advisory

SECURITY_PATCH_AVAILABLE

CVE in the client; upgrade path available.

Consent boundary
Recommended action
launch r1:self-update skill
Closed advisory enum · 13 types

Closed advisory enum

The enum is intentionally narrow. This keeps the action surface reviewable and prevents drift into generic, persuasive “AI assistant” behavior. The Hub can recommend. The operator still signs. The agent still executes inside the consent matrix.